
CVE-2022-0492

Published: 03/03/2022 Updated: 13/05/2022
CVSS v2 Base Score: 4.4 | Impact Score: 6.4 | Exploitability Score: 3.4
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
Vector: AV:L/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

It was discovered that the BPF verifier in the Linux kernel did not properly restrict pointer types in certain situations. A local attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. (CVE-2022-23222) ATTENTION: Due to an unavoidable ABI change, the kernel updates have been given a new version number, which requires you to recompile and reinstall all third-party kernel modules you might have installed. Unless you manually uninstalled the standard kernel metapackages (e.g. linux-generic, linux-generic-lts-RELEASE, linux-virtual, linux-powerpc), a standard system upgrade will automatically perform this as well.


Vulnerable Product

linux linux kernel

linux linux kernel 5.17

debian debian linux 9.0

debian debian linux 10.0

debian debian linux 11.0

redhat virtualization host 4.0

redhat enterprise linux 8.0

redhat enterprise linux eus 8.2

redhat enterprise linux server tus 8.2

redhat enterprise linux server aus 8.2

redhat enterprise linux for real time for nfv tus 8.2

redhat enterprise linux for real time tus 8.2

redhat enterprise linux server update services for sap solutions 8.2

redhat enterprise linux server update services for sap solutions 8.1

redhat enterprise linux for power little endian 8.0

redhat codeready linux builder 8.0

redhat codeready linux builder 8.2

redhat codeready linux builder for power little endian 8.0

redhat codeready linux builder for power little endian 8.2

redhat enterprise linux for ibm z systems 8.0

redhat enterprise linux for ibm z systems eus 8.0

redhat enterprise linux for power little endian eus 8.0

redhat enterprise linux for real time for nfv tus 8.0

redhat enterprise linux for real time tus 8.0

redhat enterprise linux server for power little endian update services for sap solutions 8.1

redhat enterprise linux server for power little endian update services for sap solutions 8.2

canonical ubuntu linux 18.04

canonical ubuntu linux 14.04

canonical ubuntu linux 20.04

canonical ubuntu linux 16.04

fedoraproject fedora 35

netapp solidfire & hci management node -

netapp hci compute node -

netapp baseboard management controller h410c -

netapp solidfire, enterprise sds & hci storage node -

netapp baseboard management controller h300s -

netapp baseboard management controller h500s -

netapp baseboard management controller h700s -

netapp baseboard management controller h300e -

netapp baseboard management controller h500e -

netapp baseboard management controller h700e -

netapp baseboard management controller h410s -

Vendor Advisories

Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this upd ...
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as ...
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Enterprise Linux 77 Update Services for SAP SolutionsRed Hat Product Security has r ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 77 Advanced Update Support, Red Hat Enterprise Linux 77 Telco ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 73 Advanced Update SupportRed Hat Product Security has rated ...
Synopsis Important: kernel security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 76 Advanced Update Support, Red Hat Enterprise Lin ...
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat P ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 6 Extended Lifecycle SupportRed Hat Product Security has rated ...
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product Securit ...
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product Security has rated this ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 84 Extended Update SupportRed Hat Product S ...
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat P ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 82 Extended Update SupportRed Hat Product S ...
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this update as ...
Synopsis Important: kpatch-patch security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kpatch-patch is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Produ ...
Synopsis Important: kernel-rt security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel-rt is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated this upd ...
Synopsis Important: kernel security, bug fix, and enhancement update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 8Red Hat Product Security has rated ...
Synopsis Important: kernel security update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kernel is now available for Red Hat Enterprise Linux 81 Update Services for SAP SolutionsRed Hat Product Security ...
A random memory access flaw was found in the Linux kernel's GPU i915 kernel driver functionality in the way a user may run malicious code on the GPU This flaw allows a local user to crash the system or escalate their privileges on the system (CVE-2022-0330) The cgroup release_agent is called with call_usermodehelper The function call_usermodehel ...
Synopsis Important: kpatch-patch-4_18_0-147_58_1 security and bug fix update Type/Severity Security Advisory: Important Red Hat Insights patch analysis Identify and remediate systems affected by this advisory View affected systems Topic An update for kpatch-patch-4_18_0-147_58_1 is now available for Red Hat Enterprise Linux 81 Upd ...
Several security issues were fixed in the Linux kernel ...
Synopsis Moderate: OpenShift Container Platform 4750 security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4750 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Container Platfo ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2020-36310 A flaw was discovered in the KVM implementation for AMD processors, which could lead to an infinite loop A malicious VM guest could exploit this to cause a denial of service ...
A flaw in the processing of received ICMP errors (ICMP fragment needed and ICMP redirect) in the Linux kernel functionality was found to allow the ability to quickly scan open UDP ports This flaw allows an off-path remote user to effectively bypass the source port UDP randomization The highest threat from this vulnerability is to confidentiality ...
A heap-based buffer overflow flaw was found in the way the legacy_parse_param function in the Filesystem Context functionality of the Linux kernel verified the supplied parameters length An unprivileged (in case of unprivileged user namespaces enabled, otherwise needs namespaced CAP_SYS_ADMIN privilege) local user able to open a filesystem that do ...
A denial of service flaw for virtual machine guests in the Linux kernel's Xen hypervisor subsystem was found in the way users call some interrupts with high frequency from one of the guestsA local user could use this flaw to starve the resources resulting in a denial of service (CVE-2021-28711) A denial of service flaw for virtual machine guests ...
Synopsis Moderate: Red Hat Advanced Cluster Management 238 security and container updates Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 238 GeneralAvailability release images, which provide security and container updatesRed Hat Product Security has rated this update as having a securit ...
Synopsis Moderate: Red Hat Advanced Cluster Management 243 security updates and bug fixes Type/Severity Security Advisory: Moderate Topic Red Hat Advanced Cluster Management for Kubernetes 243 General Availability release images This update provides security fixes, bug fixes, and updates the container imagesRed Hat Product Security has ...
Synopsis Moderate: Migration Toolkit for Containers (MTC) 154 security update Type/Severity Security Advisory: Moderate Topic The Migration Toolkit for Containers (MTC) 154 is now availableRed Hat Product Security has rated this update as having a security impactof Moderate A Common Vulnerability Scoring System (CVSS) base score, whichg ...
Several vulnerabilities have been discovered in the Linux kernel that may lead to a privilege escalation, denial of service or information leaks CVE-2020-29374 Jann Horn of Google reported a flaw in Linux's virtual memory management A parent and child process initially share all their memory, but when either writes to a shared page, ...

Mailing Lists

Hello all, It has been discovered that under certain circumstances, the Linux kernel’s cgroups v1 release_agent feature can be used to escalate privilege and bypass namespace isolation unexpectedly CVE-2022-0492 has been assigned to this issue, which is corrected by requiring CAP_SYS_ADMIN in the initial user namespace when setting release_age ...

Github Repositories

A container image that tests whether a container environment is vulnerable to escapes via CVE-2022-0492 Best to execute under a new container running an image built with: $ cd can-ctr-escape-cve-2022-0492 $ docker build -t can-ctr-escape-cve-2022-0492:latest A pre-built image is available at us-central1-dockerpkgdev/twistlock-secresea

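CVE-2022-0492 Container Escape Analysis Vulnerability overview Vulnerability ID: CVE-2022-0492 Affected product: linux kernel - cgroup Affected versions: ~linux kernel 517-rc3 Impact: when the container has no additional security measures enabled, gaining root privileges inside the container is enough to escape to the host Environment setup Simply use docker on a Linux system running a vulnerable kernel version. # Start docker with all security protections disabled do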

CVE-2022-0492-Checker A script to check if a container environment is vulnerable to container escapes via CVE-2022-0492

Practices for Kubernetes Security 20220412 Proposal Feedback: This could be a really interesting project I also wonder how a recent vulnerability in kubernetes (CVE-2022-0492) could be affected by this approach You might also want to discuss how other bugs/vulnerabilities in kubernetes could be detected/prevented with your approach Apart from having some functional protot

CVE-2022-0492-Checker A script to check if a container environment is vulnerable to container escapes via CVE-2022-0492 About the vulnerability On Feb 4, Linux announced CVE-2022-0492, a new privilege escalation vulnerability in the kernel CVE-2022-0492 marks a logical bug in control groups (cgroups), a Linux feature that is a fundamental building block of containers Th

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents Batchfile C C# C++ CSS Go HCL HTML Hack Java JavaScript Jinja Jupyter Notebook Kotlin Lua Objective-C Others PHP Pascal Perl PowerShell Pug Python Ruby Rust SCSS Scheme Shell Swift Tcl TypeScript XSLT Batchfile frizb/Windows-Privilege-Escalation - Windows Privilege Escalation Techniques and Sc

Awesome Stars A curated list of my GitHub stars! Generated by starred Contents api awesome aws bash c chrome cli cpp csharp database docker documentation electron go google hacktoberfest html http ios java javascript jekyll latex linux lua machine-learning macos markdown material-design mysql nodejs others p2p package-manager python python3 ruby rust security server shell

Awesome Stars A curated list of my GitHub stars! Generated by stargazed Contents Batchfile (1) C (12) C# (5) C++ (5) CSS (3) Go (21) HCL (1) HTML (7) Hack (1) Java (8) JavaScript (9) Jinja (1) Jupyter Notebook (1) Kotlin (1) Lua (1) Objective-C (2) Others (19) PHP (2) Pascal (1) Perl (3) PowerShell (18) Pug (1) Python (68) Ruby (6) Rust (3) SCSS (1) Scheme (1) Shell (17)

Recent Articles

Bug in the Linux Kernel Allows Privilege Escalation, Container Escape
Threatpost • Nate Nelson • 08 Mar 2022

To go along with the “Dirty Pipe” Linux security bug coming to light, two researchers from Huawei – Yiqi Sun and Kevin Wang – have discovered a vulnerability in the “control groups” feature of the Linux kernel which allows attackers to escape containers, escalate privileges and execute arbitrary commands on a host machine.
The bug (CVE-2022-0492) exists in the Linux kernel’s “cgroup_release_agent_write” feature, which is found in the “kernel/cgroup/cgroup-v1.c” functi...